PwC report: SamSam hackers traced back to WEX platform

Posted 05 March, 2019

The audit firm PwC has reportedly detected the alleged connection between distributors of ransomware programme SamSam and WEX crypto exchange.

According to the released report, PwC found out that WEX platform was used by two Iranian citizens, Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri, for money laundering activities. They have laundered significant part of $6 million in BTC that were generated during the 34-month series of hacks and extortion.

"We identified that Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e). WEX is most notably known for its alleged involvement in the laundering of some USD 4 billion, transferring of funds to facilitate operations of the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95% of ransomware payments made since 2014," the report reads.

In September 2018, the US Department of Justice (DOJ) unveiled detailed information about the SamSam scheme, which operations in the USA and Canada resulted in above $30 million of losses. Sawandi and Mansuri withdrew the funds in local fiat currency, mainly through the Iranian crypto. Some $1.9 million in BTC SamSam received were withdrawn via BTC-e. Although WEX denies its connections with BTC-e, everything in its structure, including trading pairs, design, etc., is almost the same. In addition, WEX accepted the major part of BTC-e’s former users.

With the help of the DOJ’s data, the auditor managed to discover a direct link between the SamSam criminal duo and WEX. 

Pursuant to the Office of Foreign Assets Control (OFAC), "Mohammad Ghorbaniyan and Ali Khorashadizadeh were the operators of the Iran-based bitcoin exchanges that exchange bitcoin ransom payments on behalf of who Sawandi and Mansouri."

Ghorbaniyan is the only contact on enexchanger(dot)com. In addition to various crypto and digital payment systems, such as WebMoney and Perfect Money, enexchanger provided its customers with an opportunity to exchanges between WEX and USD codes, allowing wex(dot)Nz (WEX) customers to withdraw funds directly.

Previous story

05 March, 2019 15:37

← SeedInvest becomes part of Circle: acquisition completed

The cryptocurrency company Circle has reportedly completed the purchase of the equity crowdfunding project SeedInvest, which brings the company one step closer to tokenize securities. The contract has been closed just following the green light from the Financial Industry Regulatory Authority (FINRA). At the same time, the details of the agreement are yet to be disclosed.

SeedInvest becomes part of Circle: acquisition completed

Next story

05 March, 2019 14:12

Ernst & Young rolls out new crypto tax instrument →

Ernst & Young consulting and audit firm commissioned a tool that is aimed to help the crypto market players to cope with their accounting and taxes calculation. The launch of the new solution was announced this Monday. The tool called EY Crypto-Asset Accounting and Tax (CAAT) is developed to facilitate the accounting and tax calculation processes for institutional and individual customers related to the crypto industry.

Ernst & Young rolls out new crypto tax instrument
Write a comment
Prove you’re not a bot + 9 = 22